Information Security News mailing list archives
Re: Life of Crime
From: InfoSec News <isn () C4I ORG>
Date: Wed, 21 Mar 2001 23:51:04 -0600
Forwarded by: "Talleur, Thomas" <ttalleur () kpmg com> cc: Russell Coker <russell () coker com au> [Mr. Talleur included a 261KB .PDF that I didn't want to forward to everyone, I will take a peek at it on Friday and likely post it somewhere on c4i.org with Mr. Talleur's permission. Any additional comments on this should be taken to private mail. - WK] Russell: My brief response to your Email is not intended to be a comprehensive answer for a variety of reasons ... Don't be too harsh on FAST ... they only had space for a snippet piece about the future in this respect, and, I didn't share with them my complete thinking about the future because I've had to copyright a lot of invented terms, technology stuff, and theses for a book that I keep saying I'm going to write. So in part, they didn't hear it all from me, and in part, they're getting part of the conclusions from a thesis that you couldn't see laid out to justify it. Also, I didn't write it ... they interpreted what I said ... and wrote it. All I will say is this: cyber crime (today) is organized crime ... not just traditional OC groups ... but new, loosely confederated but organized cyber groups. This stems from my day to day experience at NASA. This type of insight is not always part of the experiential set of others in law enforcement and security positions for a variety of reasons. For this reason, some people will not understand this type of statement. Also, I followed the invention of advanced technologies at NASA to understand their impact and their fabrication process. The creation of new technologies to achieve NASA's mission raises the issue of how they will be exploited when implemented in new spacecraft and technologies. It was my job to understand this and to creat counterexploitations so that when new technologies were introduced, we would have an effective law enforcement mechanism in place to deal with them and to share with the agency's management for security purposes. If one understands how adaptive crime occurs today, it's not a far stretch to understand how the next level involves predatory, morphological aspects. As far as nanotechnology goes, NASA is experimenting with this right now to address cancer with the National Institute of Health using nanotechnology. It's not a far stretch to see how these types of entities could be created for malign purposes ... I already saw pre-cursors to them at NASA. The reason people will acquiesce to having chips implanted their bodies is for the same reasons that people accept pacemakers today: improve health, performance, and enhance the living experience, and to compete with others. Instead of taking Ritalin or Prozac tomorrow to deal with ADHD or Manic Depression, these chips will be used to regulate the brain to help people with these afflictions. And to keep up in school, parents will face the delightful and awful choice of allowing the implantation of these into their kids bodies so that their massive neural parallel processors (brains) are accompanied by strong serial co-processors (our weakness) before their shelf life ends (of this technology) according to Moores law by about 2020. <"Cybercrime won't stifle the expansion of e-commerce -- it will ... Wrong. There are many occasions when I have considered buying items online but decided not to because I couldn't trust the integrity and ability of the people who run the web site.< I'm afraid I disagree ... we see it now. The Internet is filled with business and other operations that are put on there to facilitate interelationships ... even when the parties doing so know that there are risks. This trend will continue no matter what ... . I agree with you about the nature of man ... but actions speak louder than words. Man has a history of embracing and using technology long before he understands the risks and the trends of exposure abound around us. Thanks for the recommendations about others books, but, I don't read them so as to not taint my real life experiences in dealing with this stuff with others intellectual property. I think if you can remove yourself from experience sets / perceptions that might find inhibiting it will be easier to understand all of this. Again ... my theses are based upon my real life experiences in dealing with adaptive technological crime in an advanced technology public agency. My perceptions about the future are not speculations, but syntheses of my knowledge about new and coming technologies and how the exploitation of them in the future could have a dark side. Thanks for sharing your thoughts and I'm glad the article provoked critical thought on your part and caused you to craft your comments. Best wishes, tt PS ... here's some more down to earth stuff to read ... http://www.cio.com/archive/030101/autopsy.html http://www.advisor.com/Articles.nsf/aid/LEEDH148 http://washingtonpost.com/wp-srv/liveonline/00/business/walker/walker0803.ht m http://www.msnbc.com/news/457161.asp#BODY -----Original Message----- From: Russell Coker [mailto:russell () coker com au] Sent: Wednesday, March 21, 2001 11:31 AM To: William Knowles Cc: ttalleur () kpmg com Subject: Re: [ISN] Life of Crime
Scenario "Technology is feverishly re-creating our physical reality. As we begin to coprocess the virtual world and the physical world,
What is that supposed to mean? The only reference to "coprocess" I know of is in regard to 80387 type devices, but I don't think that's what the author means.
integrating technology into every support device of our lives, we're learning to tolerate a greater threshold of cyberattacks. Tomorrow, we will put up with e-crimes the way we tolerate allergies today. The
Only if "port scanning" is considered an e-crime.
E-crimes will exploit us in very personal ways as cyberchips are embedded into our bodies. We will learn to accept the side effects of such invasions, much like the way we deal with the effects of drugs and vaccinations."
This is presuming of course that there is a significant number of people who are stupid enough to have computers running software from the usual vendors of insecure software installed in their bodies. There is an endless supply of stupid people, but are there enough people who are that stupid?
"Our society will be running around like a dog chasing its tail as our physical reality becomes crafted at the subatomic level by self-replicating nanobots. E-crimes will become adaptive, predatory, and morphological, driven by entities that exist solely to destroy
So is an "e-crime" a misbehaved nano-bot then? If so then I suggest reading Bill Joy's writing on the topic as published in Wired magazine (it's on http://www.wired.com/ ). Also what is this about "sub-atomic level"? Are the naughty nano-bots supposed to be engaged in nuclear fission, nuclear fusion, or transmutation (as sought after by alchemists)?
entire communication networks. Cyber-illnesses will become so pervasive that entire service brownouts will delay global communication and B2B commerce, which in turn will create tremendous opportunities for further abuses in the marketplace." Futurology Decoder Key "Cybercrime won't stifle the expansion of e-commerce -- it will
Wrong. There are many occasions when I have considered buying items online but decided not to because I couldn't trust the integrity and ability of the people who run the web site. I would probably spend at least $5000 a year purchasing items over the Internet if people were capable of running their servers securely. For purchase orders which I am involved in preparing there would probably be at least $100,000 of business to business sales per year if it was possible to trust the vendors. Some of the companies that I buy from have chosen not to sell over the Internet for the following reasons: 1) Customers wouldn't believe that their site was secure and consequently they wouldn't get the sales. 2) They have seen other companies suffer significant PR hits when their site gets hacked. It's better not to do online sales than have to do an expensive clean-up. 3) They don't believe that they are capable of securely running a site, given the record of certain software products we all use most companies could use this reason if they were honest! E-commerce would involve at least 10 times as many transactions if people believed it was secure. It is being very stifled by the lack of security - which is a good thing!
accompany it. As technology becomes more sophisticated, entire markets will be created for cyberwarfare entities and then for counter entities. And the focus will be on defending the individual. Clinical psychologists of cyberspace will help people cope with the new reality of integrated virtual and physical worlds, where we'll experience unprecedented exploitations. Widespread identity thefts will follow. We'll see cases of permanent identity loss by 2015."
I recommend reading some of Neal Stephenson's books. Neal has some very interesting ideas regarding nano-warfare, cryptology, and related issues. He has obviously spent considerable amounts of time with people who are work with related technologies. -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page ***************************************************************************** The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this email are subject to the terms and conditions expressed in the governing KPMG client engagement letter. ***************************************************************************** ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Life of Crime William Knowles (Mar 19)
- <Possible follow-ups>
- Re: Life of Crime InfoSec News (Mar 22)
- Re: Life of Crime InfoSec News (Mar 22)